Java Code Examples for org.ietf.jgss.GSSException#printStackTrace()
The following examples show how to use
org.ietf.jgss.GSSException#printStackTrace() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: NoneReplayCacheTest.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args)
throws Exception {
new OneKDC(null);
System.setProperty("sun.security.krb5.rcache", "none");
System.setProperty("sun.security.krb5.acceptor.subkey", "true");
Context c, s;
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
s = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
byte[] first = c.take(new byte[0]);
c.take(s.take(first));
byte[] msg = c.wrap("hello".getBytes(), true);
s.unwrap(msg, true);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
s.take(first); // apreq replay not detectable
try {
s.unwrap(msg, true); // msg replay detectable
throw new Exception("This method should fail");
} catch (GSSException gsse) {
gsse.printStackTrace();
}
}
Example 2
| Source File: NoneReplayCacheTest.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args)
throws Exception {
new OneKDC(null);
System.setProperty("sun.security.krb5.rcache", "none");
System.setProperty("sun.security.krb5.acceptor.subkey", "true");
Context c, s;
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
s = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
byte[] first = c.take(new byte[0]);
c.take(s.take(first));
byte[] msg = c.wrap("hello".getBytes(), true);
s.unwrap(msg, true);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
s.take(first); // apreq replay not detectable
try {
s.unwrap(msg, true); // msg replay detectable
throw new Exception("This method should fail");
} catch (GSSException gsse) {
gsse.printStackTrace();
}
}
Example 3
| Source File: MSOID.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// msoid.txt is a NegTokenInit packet sent from Internet Explorer to
// IIS server on a test machine. No sensitive info included.
byte[] header = Files.readAllBytes(
Paths.get(System.getProperty("test.src"), "msoid.txt"));
byte[] token = Base64.getMimeDecoder().decode(
Arrays.copyOfRange(header, 10, header.length));
GSSCredential cred = null;
GSSContext ctx = GSSManager.getInstance().createContext(cred);
try {
ctx.acceptSecContext(token, 0, token.length);
// Before the fix, GSS_KRB5_MECH_OID_MS is not recognized
// and acceptor chooses another mech and goes on
throw new Exception("Should fail");
} catch (GSSException gsse) {
// After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
// cannot be accepted because we don't have any krb5 credential.
gsse.printStackTrace();
if (gsse.getMajor() != GSSException.NO_CRED) {
throw gsse;
}
for (StackTraceElement st: gsse.getStackTrace()) {
if (st.getClassName().startsWith("sun.security.jgss.krb5.")) {
// Good, it is already in krb5 mech's hand.
return;
}
}
throw gsse;
}
}
Example 4
| Source File: NoneReplayCacheTest.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args)
throws Exception {
new OneKDC(null);
System.setProperty("sun.security.krb5.rcache", "none");
System.setProperty("sun.security.krb5.acceptor.subkey", "true");
Context c, s;
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
s = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
byte[] first = c.take(new byte[0]);
c.take(s.take(first));
byte[] msg = c.wrap("hello".getBytes(), true);
s.unwrap(msg, true);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
s.take(first); // apreq replay not detectable
try {
s.unwrap(msg, true); // msg replay detectable
throw new Exception("This method should fail");
} catch (GSSException gsse) {
gsse.printStackTrace();
}
}
Example 5
| Source File: NegotiatorImpl.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Return the rest tokens of GSS, in SPNEGO, it's called NegTokenTarg
* @param token the token received from server
* @return the next token
* @throws java.io.IOException if the token cannot be created successfully
*/
@Override
public byte[] nextToken(byte[] token) throws IOException {
try {
return context.initSecContext(token, 0, token.length);
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Negotiate support cannot continue. Reason:");
e.printStackTrace();
}
IOException ioe = new IOException("Negotiate support cannot continue");
ioe.initCause(e);
throw ioe;
}
}
Example 6
| Source File: NoneReplayCacheTest.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args)
throws Exception {
new OneKDC(null);
System.setProperty("sun.security.krb5.rcache", "none");
System.setProperty("sun.security.krb5.acceptor.subkey", "true");
Context c, s;
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
s = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
byte[] first = c.take(new byte[0]);
c.take(s.take(first));
byte[] msg = c.wrap("hello".getBytes(), true);
s.unwrap(msg, true);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
s.take(first); // apreq replay not detectable
try {
s.unwrap(msg, true); // msg replay detectable
throw new Exception("This method should fail");
} catch (GSSException gsse) {
gsse.printStackTrace();
}
}
Example 7
| Source File: MSOID.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// msoid.txt is a NegTokenInit packet sent from Internet Explorer to
// IIS server on a test machine. No sensitive info included.
byte[] header = Files.readAllBytes(
Paths.get(System.getProperty("test.src"), "msoid.txt"));
byte[] token = Base64.getMimeDecoder().decode(
Arrays.copyOfRange(header, 10, header.length));
GSSCredential cred = null;
GSSContext ctx = GSSManager.getInstance().createContext(cred);
try {
ctx.acceptSecContext(token, 0, token.length);
// Before the fix, GSS_KRB5_MECH_OID_MS is not recognized
// and acceptor chooses another mech and goes on
throw new Exception("Should fail");
} catch (GSSException gsse) {
// After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
// cannot be accepted because we don't have any krb5 credential.
gsse.printStackTrace();
if (gsse.getMajor() != GSSException.NO_CRED) {
throw gsse;
}
for (StackTraceElement st: gsse.getStackTrace()) {
if (st.getClassName().startsWith("sun.security.jgss.krb5.")) {
// Good, it is already in krb5 mech's hand.
return;
}
}
throw gsse;
}
}
Example 8
| Source File: NegotiatorImpl.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
/**
* Return the rest tokens of GSS, in SPNEGO, it's called NegTokenTarg
* @param token the token received from server
* @return the next token
* @throws java.io.IOException if the token cannot be created successfully
*/
@Override
public byte[] nextToken(byte[] token) throws IOException {
try {
return context.initSecContext(token, 0, token.length);
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Negotiate support cannot continue. Reason:");
e.printStackTrace();
}
IOException ioe = new IOException("Negotiate support cannot continue");
ioe.initCause(e);
throw ioe;
}
}
Example 9
| Source File: JAXRSIntermediaryPortTypeImpl.java From cxf with Apache License 2.0 | 5 votes |
|
public int doubleIt(int numberToDouble) {
URL wsdl = JAXRSIntermediaryPortTypeImpl.class.getResource("DoubleIt.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
DoubleItPortType transportPort =
service.getPort(portQName, DoubleItPortType.class);
try {
updateAddressPort(transportPort, KerberosDelegationTokenTest.PORT);
} catch (Exception ex) {
ex.printStackTrace();
}
// Retrieve delegated credential + set it on the outbound message
SecurityContext securityContext =
PhaseInterceptorChain.getCurrentMessage().get(SecurityContext.class);
if (securityContext instanceof KerberosSecurityContext) {
KerberosSecurityContext ksc = (KerberosSecurityContext)securityContext;
try {
GSSCredential delegatedCredential = ksc.getGSSContext().getDelegCred();
Map<String, Object> context = ((BindingProvider)transportPort).getRequestContext();
context.put(SecurityConstants.DELEGATED_CREDENTIAL, delegatedCredential);
} catch (GSSException e) {
e.printStackTrace();
}
}
return transportPort.doubleIt(numberToDouble);
}
Example 10
| Source File: NegotiatorImpl.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* Constructor
* @throws java.io.IOException If negotiator cannot be constructed
*/
public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
try {
init(hci);
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Negotiate support not initiated, will " +
"fallback to other scheme if allowed. Reason:");
e.printStackTrace();
}
IOException ioe = new IOException("Negotiate support not initiated");
ioe.initCause(e);
throw ioe;
}
}
Example 11
| Source File: NoneReplayCacheTest.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args)
throws Exception {
new OneKDC(null);
System.setProperty("sun.security.krb5.rcache", "none");
System.setProperty("sun.security.krb5.acceptor.subkey", "true");
Context c, s;
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
s = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
byte[] first = c.take(new byte[0]);
c.take(s.take(first));
byte[] msg = c.wrap("hello".getBytes(), true);
s.unwrap(msg, true);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
s.take(first); // apreq replay not detectable
try {
s.unwrap(msg, true); // msg replay detectable
throw new Exception("This method should fail");
} catch (GSSException gsse) {
gsse.printStackTrace();
}
}
Example 12
| Source File: NegotiatorImpl.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
/**
* Constructor
* @throws java.io.IOException If negotiator cannot be constructed
*/
public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
try {
init(hci);
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Negotiate support not initiated, will " +
"fallback to other scheme if allowed. Reason:");
e.printStackTrace();
}
IOException ioe = new IOException("Negotiate support not initiated");
ioe.initCause(e);
throw ioe;
}
}
Example 13
| Source File: NegotiatorImpl.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Constructor
* @throws java.io.IOException If negotiator cannot be constructed
*/
public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
try {
init(hci);
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Negotiate support not initiated, will " +
"fallback to other scheme if allowed. Reason:");
e.printStackTrace();
}
IOException ioe = new IOException("Negotiate support not initiated");
ioe.initCause(e);
throw ioe;
}
}
Example 14
| Source File: NoneReplayCacheTest.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args)
throws Exception {
new OneKDC(null);
System.setProperty("sun.security.krb5.rcache", "none");
System.setProperty("sun.security.krb5.acceptor.subkey", "true");
Context c, s;
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
s = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
byte[] first = c.take(new byte[0]);
c.take(s.take(first));
byte[] msg = c.wrap("hello".getBytes(), true);
s.unwrap(msg, true);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
s.take(first); // apreq replay not detectable
try {
s.unwrap(msg, true); // msg replay detectable
throw new Exception("This method should fail");
} catch (GSSException gsse) {
gsse.printStackTrace();
}
}
Example 15
| Source File: MSOID.java From hottub with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// msoid.txt is a NegTokenInit packet sent from Internet Explorer to
// IIS server on a test machine. No sensitive info included.
byte[] header = Files.readAllBytes(
Paths.get(System.getProperty("test.src"), "msoid.txt"));
byte[] token = Base64.getMimeDecoder().decode(
Arrays.copyOfRange(header, 10, header.length));
GSSCredential cred = null;
GSSContext ctx = GSSManager.getInstance().createContext(cred);
try {
ctx.acceptSecContext(token, 0, token.length);
// Before the fix, GSS_KRB5_MECH_OID_MS is not recognized
// and acceptor chooses another mech and goes on
throw new Exception("Should fail");
} catch (GSSException gsse) {
// After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
// cannot be accepted because we don't have any krb5 credential.
gsse.printStackTrace();
if (gsse.getMajor() != GSSException.NO_CRED) {
throw gsse;
}
for (StackTraceElement st: gsse.getStackTrace()) {
if (st.getClassName().startsWith("sun.security.jgss.krb5.")) {
// Good, it is already in krb5 mech's hand.
return;
}
}
throw gsse;
}
}
Example 16
| Source File: NegotiatorImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Return the rest tokens of GSS, in SPNEGO, it's called NegTokenTarg
* @param token the token received from server
* @return the next token
* @throws java.io.IOException if the token cannot be created successfully
*/
@Override
public byte[] nextToken(byte[] token) throws IOException {
try {
return context.initSecContext(token, 0, token.length);
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Negotiate support cannot continue. Reason:");
e.printStackTrace();
}
IOException ioe = new IOException("Negotiate support cannot continue");
ioe.initCause(e);
throw ioe;
}
}
Example 17
| Source File: ForwardableCheck.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
// USER can impersonate someone else
kdc.setOption(KDC.Option.ALLOW_S4U2SELF,
Arrays.asList(OneKDC.USER + "@" + OneKDC.REALM));
// USER2 is sensitive
kdc.setOption(KDC.Option.SENSITIVE_ACCOUNTS,
Arrays.asList(OneKDC.USER2 + "@" + OneKDC.REALM));
Context c;
// USER2 is sensitive but it's still able to get a normal ticket
c = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, false);
// ... and connect to another account
c.startAsClient(OneKDC.USER, GSSUtil.GSS_KRB5_MECH_OID);
c.x().requestCredDeleg(true);
c.x().requestMutualAuth(false);
c.take(new byte[0]);
if (!c.x().isEstablished()) {
throw new Exception("Context should have been established");
}
// ... but will not be able to delegate itself
if (c.x().getCredDelegState()) {
throw new Exception("Impossible");
}
// Although USER is allowed to impersonate other people,
// it cannot impersonate USER2 coz it's sensitive.
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
try {
c.impersonate(OneKDC.USER2);
throw new Exception("Should fail");
} catch (GSSException e) {
e.printStackTrace();
}
}
Example 18
| Source File: ForwardableCheck.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
// USER can impersonate someone else
kdc.setOption(KDC.Option.ALLOW_S4U2SELF,
Arrays.asList(OneKDC.USER + "@" + OneKDC.REALM));
// USER2 is sensitive
kdc.setOption(KDC.Option.SENSITIVE_ACCOUNTS,
Arrays.asList(OneKDC.USER2 + "@" + OneKDC.REALM));
Context c;
// USER2 is sensitive but it's still able to get a normal ticket
c = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, false);
// ... and connect to another account
c.startAsClient(OneKDC.USER, GSSUtil.GSS_KRB5_MECH_OID);
c.x().requestCredDeleg(true);
c.x().requestMutualAuth(false);
c.take(new byte[0]);
if (!c.x().isEstablished()) {
throw new Exception("Context should have been established");
}
// ... but will not be able to delegate itself
if (c.x().getCredDelegState()) {
throw new Exception("Impossible");
}
// Although USER is allowed to impersonate other people,
// it cannot impersonate USER2 coz it's sensitive.
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
try {
c.impersonate(OneKDC.USER2);
throw new Exception("Should fail");
} catch (GSSException e) {
e.printStackTrace();
}
}
Example 19
| Source File: ForwardableCheck.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
// USER can impersonate someone else
kdc.setOption(KDC.Option.ALLOW_S4U2SELF,
Arrays.asList(OneKDC.USER + "@" + OneKDC.REALM));
// USER2 is sensitive
kdc.setOption(KDC.Option.SENSITIVE_ACCOUNTS,
Arrays.asList(OneKDC.USER2 + "@" + OneKDC.REALM));
Context c;
// USER2 is sensitive but it's still able to get a normal ticket
c = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, false);
// ... and connect to another account
c.startAsClient(OneKDC.USER, GSSUtil.GSS_KRB5_MECH_OID);
c.x().requestCredDeleg(true);
c.x().requestMutualAuth(false);
c.take(new byte[0]);
if (!c.x().isEstablished()) {
throw new Exception("Context should have been established");
}
// ... but will not be able to delegate itself
if (c.x().getCredDelegState()) {
throw new Exception("Impossible");
}
// Although USER is allowed to impersonate other people,
// it cannot impersonate USER2 coz it's sensitive.
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
try {
c.impersonate(OneKDC.USER2);
throw new Exception("Should fail");
} catch (GSSException e) {
e.printStackTrace();
}
}
Example 20
| Source File: ForwardableCheck.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
// USER can impersonate someone else
kdc.setOption(KDC.Option.ALLOW_S4U2SELF,
Arrays.asList(OneKDC.USER + "@" + OneKDC.REALM));
// USER2 is sensitive
kdc.setOption(KDC.Option.SENSITIVE_ACCOUNTS,
Arrays.asList(OneKDC.USER2 + "@" + OneKDC.REALM));
Context c;
// USER2 is sensitive but it's still able to get a normal ticket
c = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, false);
// ... and connect to another account
c.startAsClient(OneKDC.USER, GSSUtil.GSS_KRB5_MECH_OID);
c.x().requestCredDeleg(true);
c.x().requestMutualAuth(false);
c.take(new byte[0]);
if (!c.x().isEstablished()) {
throw new Exception("Context should have been established");
}
// ... but will not be able to delegate itself
if (c.x().getCredDelegState()) {
throw new Exception("Impossible");
}
// Although USER is allowed to impersonate other people,
// it cannot impersonate USER2 coz it's sensitive.
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
try {
c.impersonate(OneKDC.USER2);
throw new Exception("Should fail");
} catch (GSSException e) {
e.printStackTrace();
}
}
